Viewing docs for Google Cloud v9.23.0
published on Thursday, May 7, 2026 by Pulumi
published on Thursday, May 7, 2026 by Pulumi
Viewing docs for Google Cloud v9.23.0
published on Thursday, May 7, 2026 by Pulumi
published on Thursday, May 7, 2026 by Pulumi
A rule defines the deny or allow action of the operation it applies to and the conditions required for the rule to apply. You can set one rule for an entire repository and one rule for each package within.
To get more information about Rule, see:
- API documentation
- How-to Guides
Example Usage
Artifact Registry Rule Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.artifactregistry.Repository("default", {
location: "us-central1",
repositoryId: "my-repository",
description: "example docker repository",
format: "DOCKER",
});
const my_rule = new gcp.artifactregistry.Rule("my-rule", {
repositoryId: _default.repositoryId,
location: _default.location,
ruleId: "my-repo-rule-id",
action: "DENY",
operation: "DOWNLOAD",
condition: {
expression: "pkg.version.id < '2.0'",
title: "Block legacy versions",
description: "Prevents downloading images with version IDs less than 2.0",
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.artifactregistry.Repository("default",
location="us-central1",
repository_id="my-repository",
description="example docker repository",
format="DOCKER")
my_rule = gcp.artifactregistry.Rule("my-rule",
repository_id=default.repository_id,
location=default.location,
rule_id="my-repo-rule-id",
action="DENY",
operation="DOWNLOAD",
condition={
"expression": "pkg.version.id < '2.0'",
"title": "Block legacy versions",
"description": "Prevents downloading images with version IDs less than 2.0",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/artifactregistry"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := artifactregistry.NewRepository(ctx, "default", &artifactregistry.RepositoryArgs{
Location: pulumi.String("us-central1"),
RepositoryId: pulumi.String("my-repository"),
Description: pulumi.String("example docker repository"),
Format: pulumi.String("DOCKER"),
})
if err != nil {
return err
}
_, err = artifactregistry.NewRule(ctx, "my-rule", &artifactregistry.RuleArgs{
RepositoryId: _default.RepositoryId,
Location: _default.Location,
RuleId: pulumi.String("my-repo-rule-id"),
Action: pulumi.String("DENY"),
Operation: pulumi.String("DOWNLOAD"),
Condition: &artifactregistry.RuleConditionArgs{
Expression: pulumi.String("pkg.version.id < '2.0'"),
Title: pulumi.String("Block legacy versions"),
Description: pulumi.String("Prevents downloading images with version IDs less than 2.0"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.ArtifactRegistry.Repository("default", new()
{
Location = "us-central1",
RepositoryId = "my-repository",
Description = "example docker repository",
Format = "DOCKER",
});
var my_rule = new Gcp.ArtifactRegistry.Rule("my-rule", new()
{
RepositoryId = @default.RepositoryId,
Location = @default.Location,
RuleId = "my-repo-rule-id",
Action = "DENY",
Operation = "DOWNLOAD",
Condition = new Gcp.ArtifactRegistry.Inputs.RuleConditionArgs
{
Expression = "pkg.version.id < '2.0'",
Title = "Block legacy versions",
Description = "Prevents downloading images with version IDs less than 2.0",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.artifactregistry.Repository;
import com.pulumi.gcp.artifactregistry.RepositoryArgs;
import com.pulumi.gcp.artifactregistry.Rule;
import com.pulumi.gcp.artifactregistry.RuleArgs;
import com.pulumi.gcp.artifactregistry.inputs.RuleConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Repository("default", RepositoryArgs.builder()
.location("us-central1")
.repositoryId("my-repository")
.description("example docker repository")
.format("DOCKER")
.build());
var my_rule = new Rule("my-rule", RuleArgs.builder()
.repositoryId(default_.repositoryId())
.location(default_.location())
.ruleId("my-repo-rule-id")
.action("DENY")
.operation("DOWNLOAD")
.condition(RuleConditionArgs.builder()
.expression("pkg.version.id < '2.0'")
.title("Block legacy versions")
.description("Prevents downloading images with version IDs less than 2.0")
.build())
.build());
}
}
resources:
default:
type: gcp:artifactregistry:Repository
properties:
location: us-central1
repositoryId: my-repository
description: example docker repository
format: DOCKER
my-rule:
type: gcp:artifactregistry:Rule
properties:
repositoryId: ${default.repositoryId}
location: ${default.location}
ruleId: my-repo-rule-id
action: DENY
operation: DOWNLOAD
condition:
expression: pkg.version.id < '2.0'
title: Block legacy versions
description: Prevents downloading images with version IDs less than 2.0
Artifact Registry Rule Full
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.artifactregistry.Repository("default", {
location: "us-central1",
repositoryId: "my-repository",
description: "example docker repository",
format: "DOCKER",
});
const my_rule = new gcp.artifactregistry.Rule("my-rule", {
repositoryId: _default.repositoryId,
location: _default.location,
ruleId: "my-repo-rule-full-id",
action: "DENY",
operation: "DOWNLOAD",
packageId: "foo",
condition: {
expression: "pkg.version.id < '2.0'",
title: "Block legacy versions",
description: "Prevents downloading images with version IDs less than 2.0",
location: "artifact-registry-rules/policy.cel:1",
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.artifactregistry.Repository("default",
location="us-central1",
repository_id="my-repository",
description="example docker repository",
format="DOCKER")
my_rule = gcp.artifactregistry.Rule("my-rule",
repository_id=default.repository_id,
location=default.location,
rule_id="my-repo-rule-full-id",
action="DENY",
operation="DOWNLOAD",
package_id="foo",
condition={
"expression": "pkg.version.id < '2.0'",
"title": "Block legacy versions",
"description": "Prevents downloading images with version IDs less than 2.0",
"location": "artifact-registry-rules/policy.cel:1",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/artifactregistry"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := artifactregistry.NewRepository(ctx, "default", &artifactregistry.RepositoryArgs{
Location: pulumi.String("us-central1"),
RepositoryId: pulumi.String("my-repository"),
Description: pulumi.String("example docker repository"),
Format: pulumi.String("DOCKER"),
})
if err != nil {
return err
}
_, err = artifactregistry.NewRule(ctx, "my-rule", &artifactregistry.RuleArgs{
RepositoryId: _default.RepositoryId,
Location: _default.Location,
RuleId: pulumi.String("my-repo-rule-full-id"),
Action: pulumi.String("DENY"),
Operation: pulumi.String("DOWNLOAD"),
PackageId: pulumi.String("foo"),
Condition: &artifactregistry.RuleConditionArgs{
Expression: pulumi.String("pkg.version.id < '2.0'"),
Title: pulumi.String("Block legacy versions"),
Description: pulumi.String("Prevents downloading images with version IDs less than 2.0"),
Location: pulumi.String("artifact-registry-rules/policy.cel:1"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.ArtifactRegistry.Repository("default", new()
{
Location = "us-central1",
RepositoryId = "my-repository",
Description = "example docker repository",
Format = "DOCKER",
});
var my_rule = new Gcp.ArtifactRegistry.Rule("my-rule", new()
{
RepositoryId = @default.RepositoryId,
Location = @default.Location,
RuleId = "my-repo-rule-full-id",
Action = "DENY",
Operation = "DOWNLOAD",
PackageId = "foo",
Condition = new Gcp.ArtifactRegistry.Inputs.RuleConditionArgs
{
Expression = "pkg.version.id < '2.0'",
Title = "Block legacy versions",
Description = "Prevents downloading images with version IDs less than 2.0",
Location = "artifact-registry-rules/policy.cel:1",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.artifactregistry.Repository;
import com.pulumi.gcp.artifactregistry.RepositoryArgs;
import com.pulumi.gcp.artifactregistry.Rule;
import com.pulumi.gcp.artifactregistry.RuleArgs;
import com.pulumi.gcp.artifactregistry.inputs.RuleConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Repository("default", RepositoryArgs.builder()
.location("us-central1")
.repositoryId("my-repository")
.description("example docker repository")
.format("DOCKER")
.build());
var my_rule = new Rule("my-rule", RuleArgs.builder()
.repositoryId(default_.repositoryId())
.location(default_.location())
.ruleId("my-repo-rule-full-id")
.action("DENY")
.operation("DOWNLOAD")
.packageId("foo")
.condition(RuleConditionArgs.builder()
.expression("pkg.version.id < '2.0'")
.title("Block legacy versions")
.description("Prevents downloading images with version IDs less than 2.0")
.location("artifact-registry-rules/policy.cel:1")
.build())
.build());
}
}
resources:
default:
type: gcp:artifactregistry:Repository
properties:
location: us-central1
repositoryId: my-repository
description: example docker repository
format: DOCKER
my-rule:
type: gcp:artifactregistry:Rule
properties:
repositoryId: ${default.repositoryId}
location: ${default.location}
ruleId: my-repo-rule-full-id
action: DENY
operation: DOWNLOAD
packageId: foo
condition:
expression: pkg.version.id < '2.0'
title: Block legacy versions
description: Prevents downloading images with version IDs less than 2.0
location: artifact-registry-rules/policy.cel:1
Regional Endpoint Policies
This resource supports Regional Endpoint Policies (REP). See the provider reference for more details on configuration.
Create Rule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Rule(name: string, args: RuleArgs, opts?: CustomResourceOptions);@overload
def Rule(resource_name: str,
args: RuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Rule(resource_name: str,
opts: Optional[ResourceOptions] = None,
repository_id: Optional[str] = None,
rule_id: Optional[str] = None,
action: Optional[str] = None,
condition: Optional[RuleConditionArgs] = None,
location: Optional[str] = None,
operation: Optional[str] = None,
package_id: Optional[str] = None,
project: Optional[str] = None)func NewRule(ctx *Context, name string, args RuleArgs, opts ...ResourceOption) (*Rule, error)public Rule(string name, RuleArgs args, CustomResourceOptions? opts = null)type: gcp:artifactregistry:Rule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ruleResource = new Gcp.ArtifactRegistry.Rule("ruleResource", new()
{
RepositoryId = "string",
RuleId = "string",
Action = "string",
Condition = new Gcp.ArtifactRegistry.Inputs.RuleConditionArgs
{
Expression = "string",
Description = "string",
Location = "string",
Title = "string",
},
Location = "string",
Operation = "string",
PackageId = "string",
Project = "string",
});
example, err := artifactregistry.NewRule(ctx, "ruleResource", &artifactregistry.RuleArgs{
RepositoryId: pulumi.String("string"),
RuleId: pulumi.String("string"),
Action: pulumi.String("string"),
Condition: &artifactregistry.RuleConditionArgs{
Expression: pulumi.String("string"),
Description: pulumi.String("string"),
Location: pulumi.String("string"),
Title: pulumi.String("string"),
},
Location: pulumi.String("string"),
Operation: pulumi.String("string"),
PackageId: pulumi.String("string"),
Project: pulumi.String("string"),
})
var ruleResource = new com.pulumi.gcp.artifactregistry.Rule("ruleResource", com.pulumi.gcp.artifactregistry.RuleArgs.builder()
.repositoryId("string")
.ruleId("string")
.action("string")
.condition(RuleConditionArgs.builder()
.expression("string")
.description("string")
.location("string")
.title("string")
.build())
.location("string")
.operation("string")
.packageId("string")
.project("string")
.build());
rule_resource = gcp.artifactregistry.Rule("ruleResource",
repository_id="string",
rule_id="string",
action="string",
condition={
"expression": "string",
"description": "string",
"location": "string",
"title": "string",
},
location="string",
operation="string",
package_id="string",
project="string")
const ruleResource = new gcp.artifactregistry.Rule("ruleResource", {
repositoryId: "string",
ruleId: "string",
action: "string",
condition: {
expression: "string",
description: "string",
location: "string",
title: "string",
},
location: "string",
operation: "string",
packageId: "string",
project: "string",
});
type: gcp:artifactregistry:Rule
properties:
action: string
condition:
description: string
expression: string
location: string
title: string
location: string
operation: string
packageId: string
project: string
repositoryId: string
ruleId: string
Rule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Rule resource accepts the following input properties:
- Repository
Id string - The last part of the repository name, for example: "repo1"
- Rule
Id string - The rule id to use for this repository.
- Action string
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - Condition
Rule
Condition - Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- Location string
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - Operation string
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - Package
Id string - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Repository
Id string - The last part of the repository name, for example: "repo1"
- Rule
Id string - The rule id to use for this repository.
- Action string
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - Condition
Rule
Condition Args - Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- Location string
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - Operation string
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - Package
Id string - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- repository
Id String - The last part of the repository name, for example: "repo1"
- rule
Id String - The rule id to use for this repository.
- action String
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - condition
Rule
Condition - Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- location String
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - operation String
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - package
Id String - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- repository
Id string - The last part of the repository name, for example: "repo1"
- rule
Id string - The rule id to use for this repository.
- action string
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - condition
Rule
Condition - Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- location string
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - operation string
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - package
Id string - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- repository_
id str - The last part of the repository name, for example: "repo1"
- rule_
id str - The rule id to use for this repository.
- action str
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - condition
Rule
Condition Args - Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- location str
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - operation str
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - package_
id str - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- repository
Id String - The last part of the repository name, for example: "repo1"
- rule
Id String - The rule id to use for this repository.
- action String
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - condition Property Map
- Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- location String
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - operation String
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - package
Id String - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Outputs
All input properties are implicitly available as output properties. Additionally, the Rule resource produces the following output properties:
Look up Existing Rule Resource
Get an existing Rule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RuleState, opts?: CustomResourceOptions): Rule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
condition: Optional[RuleConditionArgs] = None,
location: Optional[str] = None,
name: Optional[str] = None,
operation: Optional[str] = None,
package_id: Optional[str] = None,
project: Optional[str] = None,
repository_id: Optional[str] = None,
rule_id: Optional[str] = None) -> Rulefunc GetRule(ctx *Context, name string, id IDInput, state *RuleState, opts ...ResourceOption) (*Rule, error)public static Rule Get(string name, Input<string> id, RuleState? state, CustomResourceOptions? opts = null)public static Rule get(String name, Output<String> id, RuleState state, CustomResourceOptions options)resources: _: type: gcp:artifactregistry:Rule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - Condition
Rule
Condition - Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- Location string
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - Name string
- The name of the rule, for example: "projects/p1/locations/us-central1/repositories/repo1/rules/rule1".
- Operation string
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - Package
Id string - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Repository
Id string - The last part of the repository name, for example: "repo1"
- Rule
Id string - The rule id to use for this repository.
- Action string
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - Condition
Rule
Condition Args - Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- Location string
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - Name string
- The name of the rule, for example: "projects/p1/locations/us-central1/repositories/repo1/rules/rule1".
- Operation string
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - Package
Id string - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Repository
Id string - The last part of the repository name, for example: "repo1"
- Rule
Id string - The rule id to use for this repository.
- action String
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - condition
Rule
Condition - Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- location String
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - name String
- The name of the rule, for example: "projects/p1/locations/us-central1/repositories/repo1/rules/rule1".
- operation String
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - package
Id String - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- repository
Id String - The last part of the repository name, for example: "repo1"
- rule
Id String - The rule id to use for this repository.
- action string
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - condition
Rule
Condition - Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- location string
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - name string
- The name of the rule, for example: "projects/p1/locations/us-central1/repositories/repo1/rules/rule1".
- operation string
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - package
Id string - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- repository
Id string - The last part of the repository name, for example: "repo1"
- rule
Id string - The rule id to use for this repository.
- action str
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - condition
Rule
Condition Args - Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- location str
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - name str
- The name of the rule, for example: "projects/p1/locations/us-central1/repositories/repo1/rules/rule1".
- operation str
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - package_
id str - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- repository_
id str - The last part of the repository name, for example: "repo1"
- rule_
id str - The rule id to use for this repository.
- action String
- The action this rule takes.
Possible values are:
ACTION_UNSPECIFIED,ALLOW,DENY. - condition Property Map
- Optional. A CEL expression for conditions that must be met in order for the rule to apply. If not provided, the rule matches all objects. Structure is documented below.
- location String
- The name of the repository's location. In addition to specific regions,
special values for multi-region locations are
asia,europe, andus. See here, or use the gcp.artifactregistry.getLocations data source for possible values. - name String
- The name of the rule, for example: "projects/p1/locations/us-central1/repositories/repo1/rules/rule1".
- operation String
- The operation the rule applies to.
Possible values are:
OPERATION_UNSPECIFIED,DOWNLOAD. - package
Id String - The package ID the rule applies to. If empty, this rule applies to all packages inside the repository.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- repository
Id String - The last part of the repository name, for example: "repo1"
- rule
Id String - The rule id to use for this repository.
Supporting Types
RuleCondition, RuleConditionArgs
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- Optional. Title for the expression, i.e. a short string describing its purpose.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- description str
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- location str
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- Optional. Title for the expression, i.e. a short string describing its purpose.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose.
Import
Rule can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}/rules/{{rule_id}}{{project}}/{{location}}/{{repository_id}}/{{rule_id}}{{location}}/{{repository_id}}/{{rule_id}}
When using the pulumi import command, Rule can be imported using one of the formats above. For example:
$ pulumi import gcp:artifactregistry/rule:Rule default projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}/rules/{{rule_id}}
$ pulumi import gcp:artifactregistry/rule:Rule default {{project}}/{{location}}/{{repository_id}}/{{rule_id}}
$ pulumi import gcp:artifactregistry/rule:Rule default {{location}}/{{repository_id}}/{{rule_id}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.
Viewing docs for Google Cloud v9.23.0
published on Thursday, May 7, 2026 by Pulumi
published on Thursday, May 7, 2026 by Pulumi
